Introduce CertVerifierProc to handle system cert validation.

net/base/multi_threaded_cert_verifier.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/multi_threaded_cert_verifier.h"
 
+#include <vector>
+
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/stl_util.h"
 #include "base/synchronization/lock.h"
 #include "base/time.h"
 #include "base/threading/worker_pool.h"
+#include "net/base/cert_verify_proc.h"
 #include "net/base/crl_set.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/x509_certificate.h"
 #include "net/base/x509_certificate_net_log_param.h"
 
 #if defined(USE_NSS)
 #include <private/pprthred.h>  // PR_DetachThread
 #endif
 
@@ skipping 97 matching lines @@
   CertVerifyResult* verify_result_;
   const BoundNetLog net_log_;
 };
 
 
 // CertVerifierWorker runs on a worker thread and takes care of the blocking
 // process of performing the certificate verification.  Deletes itself
 // eventually if Start() succeeds.
 class CertVerifierWorker {
  public:
-  CertVerifierWorker(X509Certificate* cert,
+  CertVerifierWorker(CertVerifyProc* verify_proc,
+                     X509Certificate* cert,
                      const std::string& hostname,
                      int flags,
                      CRLSet* crl_set,
                      MultiThreadedCertVerifier* cert_verifier)
-      : cert_(cert),
+      : verify_proc_(verify_proc),
+        cert_(cert),
         hostname_(hostname),
         flags_(flags),
         crl_set_(crl_set),
         origin_loop_(MessageLoop::current()),
         cert_verifier_(cert_verifier),
         canceled_(false),
         error_(ERR_FAILED) {
   }
 
   // Returns the certificate being verified. May only be called /before/
@@ skipping 12 matching lines @@
   // getting deleted.
   void Cancel() {
     DCHECK_EQ(MessageLoop::current(), origin_loop_);
     base::AutoLock locked(lock_);
     canceled_ = true;
   }
 
  private:
   void Run() {
     // Runs on a worker thread.
-    error_ = cert_->Verify(hostname_, flags_, crl_set_, &verify_result_);
+    error_ = verify_proc_->Verify(cert_, hostname_, flags_, crl_set_,
+                                  &verify_result_);
 #if defined(USE_NSS)
     // Detach the thread from NSPR.
     // Calling NSS functions attaches the thread to NSPR, which stores
     // the NSPR thread ID in thread-specific data.
     // The threads in our thread pool terminate after we have called
     // PR_Cleanup.  Unless we detach them from NSPR, net_unittests gets
     // segfaults on shutdown when the threads' thread-specific data
     // destructors run.
     PR_DetachThread();
 #endif
@@ skipping 37 matching lines @@
         origin_loop_->PostTask(
             FROM_HERE, base::Bind(
                 &CertVerifierWorker::DoReply, base::Unretained(this)));
       }
     }
 
     if (canceled)
       delete this;
   }
 
+  scoped_refptr<CertVerifyProc> verify_proc_;
   scoped_refptr<X509Certificate> cert_;
   const std::string hostname_;
   const int flags_;
   scoped_refptr<CRLSet> crl_set_;
   MessageLoop* const origin_loop_;
   MultiThreadedCertVerifier* const cert_verifier_;
 
   // lock_ protects canceled_.
   base::Lock lock_;
 
@@ skipping 78 matching lines @@
   const base::TimeTicks start_time_;
   std::vector<CertVerifierRequest*> requests_;
   CertVerifierWorker* worker_;
   const BoundNetLog net_log_;
 };
 
 MultiThreadedCertVerifier::MultiThreadedCertVerifier()
     : cache_(kMaxCacheEntries),
       requests_(0),
       cache_hits_(0),
-      inflight_joins_(0) {
+      inflight_joins_(0),
+      verify_proc_(CertVerifyProc::CreateDefault()) {
   CertDatabase::AddObserver(this);
 }
 
 MultiThreadedCertVerifier::~MultiThreadedCertVerifier() {
   STLDeleteValues(&inflight_);
 
   CertDatabase::RemoveObserver(this);
 }
 
 int MultiThreadedCertVerifier::Verify(X509Certificate* cert,
@@ skipping 28 matching lines @@
   CertVerifierJob* job;
   std::map<RequestParams, CertVerifierJob*>::const_iterator j;
   j = inflight_.find(key);
   if (j != inflight_.end()) {
     // An identical request is in flight already. We'll just attach our
     // callback.
     inflight_joins_++;
     job = j->second;
   } else {
     // Need to make a new request.
-    CertVerifierWorker* worker = new CertVerifierWorker(cert, hostname, flags,
+    CertVerifierWorker* worker = new CertVerifierWorker(verify_proc_, cert,
+                                                        hostname, flags,
                                                         crl_set, this);
     job = new CertVerifierJob(
         worker,
         BoundNetLog::Make(net_log.net_log(), NetLog::SOURCE_CERT_VERIFIER_JOB));
     if (!worker->Start()) {
       delete job;
       delete worker;
       *out_req = NULL;
       // TODO(wtc): log to the NetLog.
       LOG(ERROR) << "CertVerifierWorker couldn't be started.";
@@ skipping 47 matching lines @@
   delete job;
 }
 
 void MultiThreadedCertVerifier::OnCertTrustChanged(
     const X509Certificate* cert) {
   DCHECK(CalledOnValidThread());
 
   ClearCache();
 }
 
+void MultiThreadedCertVerifier::SetCertVerifyProc(CertVerifyProc* verify_proc) {
+  verify_proc_ = verify_proc;
+}
+
 }  // namespace net